From 8029646bf5cf98fa1503fadbe99795d77aaa1a78 Mon Sep 17 00:00:00 2001 From: Jaromir_SAS Date: Thu, 7 Nov 2024 09:45:14 +0100 Subject: [PATCH 01/13] Annonations to checkin in 2.0-alpha1 --- fedcloudclient/checkin.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/fedcloudclient/checkin.py b/fedcloudclient/checkin.py index 41b03bd..9e9e58b 100644 --- a/fedcloudclient/checkin.py +++ b/fedcloudclient/checkin.py @@ -30,6 +30,7 @@ def print_error(message, quiet): print(message, file=sys.stderr) +""" Included in auth.py, line 50""" def decode_token(oidc_access_token): """ Decoding access token to a dict @@ -44,6 +45,7 @@ def decode_token(oidc_access_token): return payload + def oidc_discover(oidc_url): """ Discover OIDC endpoints @@ -57,6 +59,7 @@ def oidc_discover(oidc_url): return request.json() +""" Included in auth.py, line 74""" def get_token_from_oidc_agent(oidc_agent_account, quiet=False): """ Get access token from oidc-agent @@ -82,6 +85,7 @@ def get_token_from_oidc_agent(oidc_agent_account, quiet=False): return None +""" Included in auth.py, line 99""" def get_token_from_mytoken_server(mytoken, mytoken_server, quiet=False): """ Get access token from mytoken server @@ -167,8 +171,7 @@ def get_access_token( oidc_access_token, oidc_agent_account, mytoken, - mytoken_server, -): + mytoken_server,): """ Get access token Generates new access token from oidc-agent From 4936031bbce1c22dc3e470bbe3bade2577d5d51c Mon Sep 17 00:00:00 2001 From: Jaromir_SAS Date: Mon, 11 Nov 2024 10:37:17 +0100 Subject: [PATCH 02/13] test branch with fro conf.py --- fedcloudclient/auth.py | 5 +++++ fedcloudclient/checkin.py | 2 +- fedcloudclient/conf.py | 9 +++++++++ fedcloudclient/shell.py | 13 ++++++++++++- 4 files changed, 27 insertions(+), 2 deletions(-) diff --git a/fedcloudclient/auth.py b/fedcloudclient/auth.py index 7b05cb3..70105c2 100644 --- a/fedcloudclient/auth.py +++ b/fedcloudclient/auth.py 
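Review bot: The added `""" Included in auth.py, line 50"""` lines above `decode_token`, `get_token_from_oidc_agent` and `get_token_from_mytoken_server` are bare string expressions, not comments or docstrings, and the line numbers they cite go stale as soon as auth.py changes. A `#` comment that names the replacement stays correct longer, for example `# Superseded by OIDCToken.decode_token in auth.py`. The `""" Imported to the sites """` line added to shell.py in patch 02 has the same problem. The bodies of all three functions lie outside these hunks.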
@@ -154,3 +154,8 @@ def multiple_token(self, access_token: str, oidc_agent_account: str, mytoken: st self.access_token = access_token return log_and_raise("Cannot get access token", TokenError) + +print("Done") +print("Done") + + diff --git a/fedcloudclient/checkin.py b/fedcloudclient/checkin.py index 9e9e58b..435676d 100644 --- a/fedcloudclient/checkin.py +++ b/fedcloudclient/checkin.py @@ -153,7 +153,7 @@ def check_token(oidc_token, verbose=False): def get_checkin_id( oidc_token, -): + ): """ Get EGI Check-in ID from access token diff --git a/fedcloudclient/conf.py b/fedcloudclient/conf.py index 5f55474..43c6eec 100644 --- a/fedcloudclient/conf.py +++ b/fedcloudclient/conf.py @@ -158,3 +158,12 @@ def show(config_file: str, output_format: str): CONF = init_config() + +for env in os.environ: + print(f"\n {env} \t {type(env)}") +print(f"Test of config: {None}") +print(f"Done") + + + + diff --git a/fedcloudclient/shell.py b/fedcloudclient/shell.py index 88b2413..77ae92b 100644 --- a/fedcloudclient/shell.py +++ b/fedcloudclient/shell.py @@ -35,7 +35,7 @@ def get_shell_type(): return Shell.LINUX - +""" Imported to the sites """ def print_set_env_command(name, value): """ Print command to set environment variable, @@ -62,3 +62,14 @@ def print_comment(comment): print(f"# {comment!s}") else: print(f"rem {comment!s}") + + +out_1=Shell(1) + +print(type(out_1)) +print(Shell.LINUX) + +print(print_comment({"gewgweg": False})) +print(f"Done") + + From 000815522e42051cb59a3feab40f00be7fe1e871 Mon Sep 17 00:00:00 2001 From: Jaromir_SAS Date: Wed, 13 Nov 2024 07:30:16 +0100 Subject: [PATCH 03/13] conf changes --- fedcloudclient/conf.py | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/fedcloudclient/conf.py b/fedcloudclient/conf.py index 43c6eec..a2b78c8 100644 --- a/fedcloudclient/conf.py +++ b/fedcloudclient/conf.py 
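Review bot: The two `print("Done")` calls added at the end of auth.py run at import time, so every program that imports `fedcloudclient.auth` writes to stdout before doing anything else. The conf.py hunk in this patch does the same with a loop over `os.environ` that prints every environment variable name, and the shell.py hunk with `print(print_comment({...}))`, which apparently prints `None` as well because `print_comment` only prints. shell.py emits shell commands and comments for the caller, so stray stdout lines could end up in output that is meant to be evaluated; that is worth confirming. Debug output like this belongs under `if __name__ == "__main__":` or in `logging.debug(...)`.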
@@ -10,7 +10,7 @@ import yaml from tabulate import tabulate -from fedcloudclient.exception import ConfigError +#from fedcloudclient.exception import ConfigError DEFAULT_CONFIG_LOCATION = Path.home() / ".config/fedcloud/config.yaml" DEFAULT_SETTINGS = { @@ -137,6 +137,7 @@ def create(config_file: str): envvar="FEDCLOUD_CONFIG_FILE", show_default=True, ) + @click.option( "--output-format", "-f", @@ -144,6 +145,7 @@ def create(config_file: str): help="Output format", type=click.Choice(["text", "YAML", "JSON"], case_sensitive=False), ) + def show(config_file: str, output_format: str): """Show actual client configuration """ saved_config = load_config(config_file) @@ -158,12 +160,18 @@ def show(config_file: str, output_format: str): CONF = init_config() +show() + for env in os.environ: - print(f"\n {env} \t {type(env)}") -print(f"Test of config: {None}") -print(f"Done") + #print(f"\n {env} \t {type(env)}") + pass +#print(f"Test of config: {None}") +#print(f"Done") +if __name__=="__main__": + config() + CONF From be6c8b6397ed6f8637c897b0c3725e0bac1d2e54 Mon Sep 17 00:00:00 2001 From: Jaromir_SAS Date: Mon, 18 Nov 2024 13:04:08 +0100 Subject: [PATCH 04/13] conf_11_18 --- fedcloudclient/auth_test.py | 3 +++ fedcloudclient/conf.py | 15 --------------- 2 files changed, 3 insertions(+), 15 deletions(-) diff --git a/fedcloudclient/auth_test.py b/fedcloudclient/auth_test.py index a12845e..d88ee91 100644 --- a/fedcloudclient/auth_test.py +++ b/fedcloudclient/auth_test.py @@ -2,10 +2,12 @@ Testing unit for auth.py """ import os +print(f"Start of auth_test") import fedcloudclient.auth as auth + def get_token_from_mytoken_decode_verify(mytoken: str, user_id: str): """ Get access token from mytoken server, decode, get user ID and verify 
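Review bot: Commenting out `from fedcloudclient.exception import ConfigError` turns any remaining use of `ConfigError` in conf.py into a `NameError` that only appears when the error path runs. The rest of the file is outside this hunk, so check for `ConfigError` references before dropping the import. If it was disabled only to run the file standalone, restore the import rather than committing `#from fedcloudclient.exception import ConfigError`.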
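Review bot: The module-level `show()` call added after `CONF = init_config()` invokes a click-decorated function on import; if `show` is registered as a click command (its first decorator is outside the hunk), it parses `sys.argv` and exits the process, so `import fedcloudclient.conf` would never return. The bare `CONF` expression under `if __name__=="__main__":` has no effect, and the `for env in os.environ:` loop now only executes `pass`. Remove `show()` and the loop and keep at most `if __name__ == "__main__": config()`.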
@@ -19,6 +21,7 @@ def get_token_from_mytoken_decode_verify(mytoken: str, user_id: str): if __name__ == "__main__": + print(f"Start of main auth_test") mytoken = os.environ["FEDCLOUD_MYTOKEN"] user_id = os.environ["FEDCLOUD_ID"] get_token_from_mytoken_decode_verify(mytoken, user_id) diff --git a/fedcloudclient/conf.py b/fedcloudclient/conf.py index a2b78c8..5631a16 100644 --- a/fedcloudclient/conf.py +++ b/fedcloudclient/conf.py @@ -160,18 +160,3 @@ def show(config_file: str, output_format: str): CONF = init_config() -show() - - -for env in os.environ: - #print(f"\n {env} \t {type(env)}") - pass - -#print(f"Test of config: {None}") -#print(f"Done") - -if __name__=="__main__": - config() - CONF - - From d898caf6c6157dc9c3abdd7fb0a4b69fe8b0916c Mon Sep 17 00:00:00 2001 From: Jaromir_SAS Date: Mon, 18 Nov 2024 13:38:56 +0100 Subject: [PATCH 05/13] conf_11_18_v2 --- fedcloudclient/auth.py | 4 ++-- fedcloudclient/auth_test.py | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/fedcloudclient/auth.py b/fedcloudclient/auth.py index 70105c2..371204b 100644 --- a/fedcloudclient/auth.py +++ b/fedcloudclient/auth.py @@ -155,7 +155,7 @@ def multiple_token(self, access_token: str, oidc_agent_account: str, mytoken: st return log_and_raise("Cannot get access token", TokenError) -print("Done") -print("Done") +print("Done auth.py") + diff --git a/fedcloudclient/auth_test.py b/fedcloudclient/auth_test.py index d88ee91..b9c26c8 100644 --- a/fedcloudclient/auth_test.py +++ b/fedcloudclient/auth_test.py 
@@ -15,13 +15,17 @@ def get_token_from_mytoken_decode_verify(mytoken: str, user_id: str): """ token = auth.OIDCToken() - token.get_token_from_mytoken(mytoken) + token.multiple_token(mytoken,user_id, None) token_id = token.get_user_id() + assert token_id == user_id if __name__ == "__main__": print(f"Start of main auth_test") + user_name=input("User ID for OIDC agent: ") + get_token_from_mytoken_decode_verify(None,user_name) + mytoken = os.environ["FEDCLOUD_MYTOKEN"] user_id = os.environ["FEDCLOUD_ID"] get_token_from_mytoken_decode_verify(mytoken, user_id) From dd0aeba41d7096b4b8e58f270477d0be9279d13f Mon Sep 17 00:00:00 2001 From: Jaromir_SAS Date: Mon, 2 Dec 2024 10:51:03 +0100 Subject: [PATCH 06/13] changes_24_12_03 --- fedcloudclient/auth.py | 1 + fedcloudclient/auth_test.py | 23 +++++++++++++++++------ 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/fedcloudclient/auth.py b/fedcloudclient/auth.py index 371204b..b305d71 100644 --- a/fedcloudclient/auth.py +++ b/fedcloudclient/auth.py @@ -67,6 +67,7 @@ def get_user_id(self) -> str: Return use ID :return: """ + if not self.payload: self.decode_token() return self.user_id diff --git a/fedcloudclient/auth_test.py b/fedcloudclient/auth_test.py index b9c26c8..6c7b28e 100644 --- a/fedcloudclient/auth_test.py +++ b/fedcloudclient/auth_test.py 
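Review bot: `token.multiple_token(mytoken,user_id, None)` passes its arguments in the wrong positions: the signature shown in the auth.py hunk header is `multiple_token(self, access_token, oidc_agent_account, mytoken)`, so the mytoken lands in `access_token`, the user ID is treated as an oidc-agent account name, and `mytoken` is `None`. The mytoken is then never exchanged at the mytoken server, and may end up stored as the access token. Keyword arguments make the intent explicit, e.g. `token.multiple_token(access_token=None, oidc_agent_account=None, mytoken=mytoken)`. The added `input()` call also makes the script unusable non-interactively; reading the account from an environment variable would match the two lines below it. The function's `def` line is above this hunk.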
@@ -17,15 +17,26 @@ def get_token_from_mytoken_decode_verify(mytoken: str, user_id: str): token = auth.OIDCToken() token.multiple_token(mytoken,user_id, None) token_id = token.get_user_id() - - assert token_id == user_id + token_test=token.access_token + print("End of: def get_token_from_mytoken_decode_verify") + + pass + #assert token_id == user_id if __name__ == "__main__": print(f"Start of main auth_test") - user_name=input("User ID for OIDC agent: ") - get_token_from_mytoken_decode_verify(None,user_name) + + + oicd_user_name = os.environ.get("OIDC_AGENT_ACCOUNT") + + print("OIDC_AGENT_ACCOUNT: Done") + get_token_from_mytoken_decode_verify(None, oicd_user_name) + + mytoken = os.environ.get["FEDCLOUD_MYTOKEN"] + user_id = os.environ.get["FEDCLOUD_ID"] + - mytoken = os.environ["FEDCLOUD_MYTOKEN"] - user_id = os.environ["FEDCLOUD_ID"] get_token_from_mytoken_decode_verify(mytoken, user_id) + + From d11ca5b60be525070cd8779bd462f8ec0d780ad8 Mon Sep 17 00:00:00 2001 From: Jaromir_SAS Date: Tue, 3 Dec 2024 09:06:07 +0100 Subject: [PATCH 07/13] changes_24_12_03_A --- fedcloudclient/auth.py | 15 ++++++++++++++- fedcloudclient/auth_test.py | 19 +++++++++++-------- 2 files changed, 25 insertions(+), 9 deletions(-) diff --git a/fedcloudclient/auth.py b/fedcloudclient/auth.py index b305d71..023a4dc 100644 --- a/fedcloudclient/auth.py +++ b/fedcloudclient/auth.py @@ -5,6 +5,7 @@ import jwt import liboidcagent as agent import requests +import os from fedcloudclient.conf import CONF as CONF from fedcloudclient.exception import TokenError @@ -67,7 +68,7 @@ def get_user_id(self) -> str: Return use ID :return: """ - + if not self.payload: self.decode_token() return self.user_id @@ -88,6 +89,8 @@ def get_token_from_oidc_agent(self, oidc_agent_account: str) -> str: ) self.access_token = access_token self.oidc_agent_account = oidc_agent_account + + return access_token except agent.OidcAgentError as exception: error_msg = f"Error getting access token from oidc-agent: {exception}" 
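Review bot: `os.environ.get["FEDCLOUD_MYTOKEN"]` and `os.environ.get["FEDCLOUD_ID"]` subscript the `get` method and raise `TypeError` as soon as the `__main__` block reaches them; they should be calls, `os.environ.get("FEDCLOUD_MYTOKEN")`. The hunk also replaces `assert token_id == user_id` with `pass` and a commented-out assert, so `get_token_from_mytoken_decode_verify` no longer verifies anything and `token_id` and `token_test` are unused. Keep the assertion, or return `token_id` so the caller can compare it.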
@@ -141,20 +144,30 @@ def multiple_token(self, access_token: str, oidc_agent_account: str, mytoken: st """ if mytoken: try: + + """need to implement from mytoken and check""" + self.get_token_from_mytoken(mytoken) + #os.environ["FEDCLOUD_MYTOKEN"]=self.access_token + #os.environ["FEDCLOUD_ID"]=self.get_user_id() return except TokenError: pass if oidc_agent_account: try: self.get_token_from_oidc_agent(oidc_agent_account) + os.environ["FEDCLOUD_MYTOKEN"]=self.access_token + os.environ["FEDCLOUD_ID"]=self.get_user_id() return except TokenError: pass if access_token: self.access_token = access_token + os.environ["FEDCLOUD_MYTOKEN"]=access_token + os.environ["FEDCLOUD_ID"]=self.get_user_id() return log_and_raise("Cannot get access token", TokenError) + print("Done auth.py") diff --git a/fedcloudclient/auth_test.py b/fedcloudclient/auth_test.py index 6c7b28e..ffedfab 100644 --- a/fedcloudclient/auth_test.py +++ b/fedcloudclient/auth_test.py @@ -5,7 +5,7 @@ print(f"Start of auth_test") import fedcloudclient.auth as auth - +from fedcloudclient.conf import CONF as CONF def get_token_from_mytoken_decode_verify(mytoken: str, user_id: str): @@ -26,16 +26,19 @@ def get_token_from_mytoken_decode_verify(mytoken: str, user_id: str): if __name__ == "__main__": print(f"Start of main auth_test") - - - oicd_user_name = os.environ.get("OIDC_AGENT_ACCOUNT") + + access_token = os.environ.get("OIDC_ACCESS_TOKEN","") + oicd_user_name = os.environ.get("OIDC_AGENT_ACCOUNT","") + server_token = os.environ.get("FEDCLOUD_SERVERTOKEN","") - print("OIDC_AGENT_ACCOUNT: Done") + print("OIDC_AGENT_ACCOUNT:\t Done") get_token_from_mytoken_decode_verify(None, oicd_user_name) - mytoken = os.environ.get["FEDCLOUD_MYTOKEN"] - user_id = os.environ.get["FEDCLOUD_ID"] - + mytoken = os.environ.get("FEDCLOUD_MYTOKEN") + print(f"FEDCLOUD_MYTOKEN:\t Done\n {mytoken}") + + user_id = os.environ.get("FEDCLOUD_ID") + print(f"FEDCLOUD_ID:\t Done\n{user_id}") get_token_from_mytoken_decode_verify(mytoken, user_id) 
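Review bot: The added `os.environ["FEDCLOUD_MYTOKEN"]=self.access_token` and `os.environ["FEDCLOUD_MYTOKEN"]=access_token` lines copy a live access token into the process environment, where every child process started afterwards inherits it. They also store it under the name that auth_test.py reads as a mytoken, so the two credential types get mixed up. `multiple_token` already keeps the token on `self.access_token`; callers that need it should read it from the object. The `"""need to implement from mytoken and check"""` line inside the `try` is a string expression rather than a comment, so write it as `# TODO: ...`. The method starts above this hunk.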
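Review bot: `print(f"FEDCLOUD_MYTOKEN:\t Done\n {mytoken}")` writes the mytoken value to stdout, so the credential ends up in terminal scrollback and in any CI or job log that captures the run. Print only whether the variable is set, e.g. `print(f"FEDCLOUD_MYTOKEN set: {bool(mytoken)}")`. `access_token` and `server_token` are read from the environment but not used in this hunk, and the `CONF` import added in the previous hunk is unused in the visible code as well.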
From 7408ed5e9183f242668815158f74c590d4c0e832 Mon Sep 17 00:00:00 2001 From: Jaromir_SAS Date: Mon, 9 Dec 2024 14:07:49 +0100 Subject: [PATCH 08/13] changes_24_12_09 --- fedcloudclient/auth.py | 39 +++++++++++--- fedcloudclient/auth_test.py | 102 ++++++++++++++++++++++++++++-------- 2 files changed, 112 insertions(+), 29 deletions(-) diff --git a/fedcloudclient/auth.py b/fedcloudclient/auth.py index 023a4dc..bd13c04 100644 --- a/fedcloudclient/auth.py +++ b/fedcloudclient/auth.py @@ -6,6 +6,7 @@ import liboidcagent as agent import requests import os +import re from fedcloudclient.conf import CONF as CONF from fedcloudclient.exception import TokenError @@ -24,6 +25,7 @@ def get_token_type(self): ... + class OIDCToken(Token): """ OIDC tokens. Managing access tokens, oidc-agent account and mytoken @@ -36,6 +38,7 @@ def __init__(self, access_token=None): self.oidc_agent_account = None self.mytoken = None self.user_id = None + self._VO_PATTERN = "urn:mace:egi.eu:group:(.+?):(.+:)*role=member#aai.egi.eu" def get_token(self): """ 
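Review bot: `_VO_PATTERN` is a plain string with unescaped dots, so `egi.eu` matches any character in those positions, and it is assigned per instance in `__init__` although it is a constant. Because this pattern decides which VO names are reported from entitlement claims, it is worth making exact: a class-level `_VO_PATTERN = re.compile(r"urn:mace:egi\.eu:group:(.+?):(.+:)*role=member#aai\.egi\.eu")`. If text after the authority should not be accepted, use `fullmatch` where the claims are matched. `__init__` starts above this hunk.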
@@ -148,28 +151,50 @@ def multiple_token(self, access_token: str, oidc_agent_account: str, mytoken: st """need to implement from mytoken and check""" self.get_token_from_mytoken(mytoken) - #os.environ["FEDCLOUD_MYTOKEN"]=self.access_token - #os.environ["FEDCLOUD_ID"]=self.get_user_id() return except TokenError: pass if oidc_agent_account: try: self.get_token_from_oidc_agent(oidc_agent_account) - os.environ["FEDCLOUD_MYTOKEN"]=self.access_token - os.environ["FEDCLOUD_ID"]=self.get_user_id() return except TokenError: pass if access_token: self.access_token = access_token - os.environ["FEDCLOUD_MYTOKEN"]=access_token - os.environ["FEDCLOUD_ID"]=self.get_user_id() return log_and_raise("Cannot get access token", TokenError) + def oidc_discover(self) -> dict: + """ + :param oidc_url: CheckIn URL get from payload + :return: JSON object of OIDC configuration + """ + oidc_url=self.payload["iss"] + request = requests.get(oidc_url + "/.well-known/openid-configuration") + request.raise_for_status() + self.request_json=request.json() + return self.request_json -print("Done auth.py") + def token_list_vos(self): + """ + List VO memberships in EGI Check-in + :return: list of VO names + """ + oidc_ep = self.request_json + var1=oidc_ep["userinfo_endpoint"] + var2={"Authorization": f"Bearer {self.access_token}"} + request = requests.get(oidc_ep["userinfo_endpoint"], auth= ("Bearer", self.access_token)) + #request = requests.get(oidc_ep["userinfo_endpoint"], auth=('user', 'pass')) + + request.raise_for_status() + vos = set() + pattern = re.compile(self._VO_PATTERN) + for claim in request.json().get("eduperson_entitlement", []): + vo = pattern.match(claim) + if vo: + vos.add(vo.groups()[0]) + return sorted(vos) diff --git a/fedcloudclient/auth_test.py b/fedcloudclient/auth_test.py index ffedfab..9129e57 100644 --- a/fedcloudclient/auth_test.py +++ b/fedcloudclient/auth_test.py 
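Review bot: In `token_list_vos`, `auth=("Bearer", self.access_token)` makes requests send HTTP Basic credentials with the user name `Bearer`, not an `Authorization: Bearer` header; the correct header is built in `var2` on the line above but never passed. Separately, `oidc_discover` fetches whatever URL the token's `iss` claim names and `token_list_vos` then sends the access token to the `userinfo_endpoint` from that document, so unless `decode_token` (outside this hunk) verifies the token, the issuer should be compared with the configured Check-in URL before any request is made. `self.request_json` is only set inside `oidc_discover`, so calling `token_list_vos` first raises `AttributeError`, and neither `requests.get` has a `timeout`. The fence shows both methods with the header, lazy discovery and a timeout (the value is a suggestion); the issuer check is left as a marked note because the configuration key is not visible here.

```python
    def oidc_discover(self) -> dict:
        # … unchanged: docstring …
        if not self.payload:
            self.decode_token()
        oidc_url = self.payload["iss"]
        # NOTE(review): compare oidc_url with the configured Check-in issuer before fetching
        request = requests.get(
            oidc_url + "/.well-known/openid-configuration", timeout=10
        )
        request.raise_for_status()
        self.request_json = request.json()
        return self.request_json

    def token_list_vos(self):
        # … unchanged: docstring …
        oidc_ep = getattr(self, "request_json", None) or self.oidc_discover()
        request = requests.get(
            oidc_ep["userinfo_endpoint"],
            headers={"Authorization": f"Bearer {self.access_token}"},
            timeout=10,
        )
        # … unchanged: raise_for_status and entitlement matching …
```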
@@ -2,44 +2,102 @@ Testing unit for auth.py """ import os -print(f"Start of auth_test") +from colorama import init as colorama_init +from colorama import Fore +from colorama import Style import fedcloudclient.auth as auth from fedcloudclient.conf import CONF as CONF -def get_token_from_mytoken_decode_verify(mytoken: str, user_id: str): + +def verify_MYTOKEN(mytoken: str) -> str: """ Get access token from mytoken server, decode, get user ID and verify - :return: """ token = auth.OIDCToken() - token.multiple_token(mytoken,user_id, None) - token_id = token.get_user_id() - token_test=token.access_token - print("End of: def get_token_from_mytoken_decode_verify") + try: + access_token_mytoken=token.get_token_from_mytoken(mytoken, None) + return access_token_mytoken + except: + return print(f"No MYTOKEN") - pass - #assert token_id == user_id + +def verify_OIDC_AGENT(user_id:str) -> str: + token = auth.OIDCToken() + try: + access_token_oidc=token.get_token_from_oidc_agent(user_id) + return access_token_oidc + except: + return print(f"No OIDC_AGENT_ACCOUNT") -if __name__ == "__main__": - print(f"Start of main auth_test") - - access_token = os.environ.get("OIDC_ACCESS_TOKEN","") - oicd_user_name = os.environ.get("OIDC_AGENT_ACCOUNT","") - server_token = os.environ.get("FEDCLOUD_SERVERTOKEN","") - print("OIDC_AGENT_ACCOUNT:\t Done") - get_token_from_mytoken_decode_verify(None, oicd_user_name) +def verify_ACCESS_TOKEN(access_token:str) -> str: + token = auth.OIDCToken() + try: + token.access_token=access_token + return token.access_token + except: + return print(f"Error with ACCESS_TOKEN") - mytoken = os.environ.get("FEDCLOUD_MYTOKEN") - print(f"FEDCLOUD_MYTOKEN:\t Done\n {mytoken}") +def verify_user_id(access_token:str) -> str: + token = auth.OIDCToken() + token.access_token=access_token + try: + user_id=token.get_user_id() + return user_id + except: + print("No user_id!") - user_id = os.environ.get("FEDCLOUD_ID") - print(f"FEDCLOUD_ID:\t Done\n{user_id}") +def 
verify_pyload(access_token:str) -> dict: + token = auth.OIDCToken() + token.access_token=access_token + #try: + user_id=token.get_user_id() + payload=token.payload + request_json=token.oidc_discover() + list_vos=token.token_list_vos() + return payload,request_json,list_vos + #except: + # print("No user_id!") + + +def printing_dict(var_dict:dict): + for idx, item in enumerate(var_dict): + print(f"{item}:\t {var_dict[item]}") + + +if __name__ == "__main__": + print(f"Start of verifying auth.py") + mytoken=os.environ.get("FEDCLOUD_MYTOKEN","") + access_token_mytok=verify_MYTOKEN(mytoken) + + oidc_agent_name=os.environ.get("OIDC_AGENT_ACCOUNT","") + access_token_oidca=verify_OIDC_AGENT(oidc_agent_name) - get_token_from_mytoken_decode_verify(mytoken, user_id) + access_token= os.environ.get("ACCESS_TOKEN","") + access_token_check=verify_ACCESS_TOKEN(access_token) + + user_id=verify_user_id(access_token_check) + payload,request_json,list_vos=verify_pyload(access_token_check) + + + + + print(f"{type(payload)}") + printing_dict(payload) + print("-------------------------------------------------") + printing_dict(request_json) + print(f"Break") + + + + + + + + From 68b3e1ff438f8ee2a71dd9f5c1b1987ad4acd9b9 Mon Sep 17 00:00:00 2001 From: Jaromir_SAS Date: Mon, 9 Dec 2024 15:04:24 +0100 Subject: [PATCH 09/13] changes_24_12_09_A --- fedcloudclient/auth.py | 7 +++++-- fedcloudclient/auth_test.py | 10 +++++----- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/fedcloudclient/auth.py b/fedcloudclient/auth.py index bd13c04..7094371 100644 --- a/fedcloudclient/auth.py +++ b/fedcloudclient/auth.py 
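Review bot: Each `verify_*` helper wraps its call in a bare `except:` and returns `print(...)`, which is `None`, so a failed token fetch, a typo in the helper and a `KeyboardInterrupt` all look the same to the caller, and the `-> str` annotations are wrong on the failure path. Catch the specific error, e.g. `except auth.TokenError:`, then either re-raise or print and `return None` explicitly. `verify_pyload` is annotated `-> dict` but returns a three-item tuple, and its `try` is commented out, so it is the only helper that does propagate errors. The `colorama` imports are not used in the visible code, which adds a third-party dependency for nothing.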
@@ -185,12 +185,15 @@ def token_list_vos(self): oidc_ep = self.request_json var1=oidc_ep["userinfo_endpoint"] var2={"Authorization": f"Bearer {self.access_token}"} - request = requests.get(oidc_ep["userinfo_endpoint"], auth= ("Bearer", self.access_token)) - #request = requests.get(oidc_ep["userinfo_endpoint"], auth=('user', 'pass')) + + headers = {"Authorization": f"Bearer {self.access_token}"} + + request = requests.get("https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/userinfo", headers=headers) #"https://aai.egi.eu/auth/realms/egi" request.raise_for_status() vos = set() pattern = re.compile(self._VO_PATTERN) + json_got=request.json()#.get("eduperson_entitlement", []) for claim in request.json().get("eduperson_entitlement", []): vo = pattern.match(claim) if vo: diff --git a/fedcloudclient/auth_test.py b/fedcloudclient/auth_test.py index 9129e57..26d2d33 100644 --- a/fedcloudclient/auth_test.py +++ b/fedcloudclient/auth_test.py @@ -55,11 +55,11 @@ def verify_pyload(access_token:str) -> dict: token = auth.OIDCToken() token.access_token=access_token #try: - user_id=token.get_user_id() - payload=token.payload - request_json=token.oidc_discover() - list_vos=token.token_list_vos() - return payload,request_json,list_vos + user_id=token.get_user_id() + payload=token.payload + request_json=token.oidc_discover() + list_vos=token.token_list_vos() + return payload,request_json,list_vos #except: # print("No user_id!") From df96c8c3120ff7db12646088e4fab6aaea99b9e5 Mon Sep 17 00:00:00 2001 From: Jaromir_SAS Date: Tue, 10 Dec 2024 11:26:52 +0100 Subject: [PATCH 10/13] changes_24_12_10 --- fedcloudclient/auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fedcloudclient/auth.py b/fedcloudclient/auth.py index 7094371..d9380c8 100644 --- a/fedcloudclient/auth.py +++ b/fedcloudclient/auth.py 
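Review bot: `var1`, `var2` and `json_got` are assigned but never read, and the userinfo URL is now a hard-coded literal while the discovery result in `oidc_ep` only feeds the unused `var1`, so `token_list_vos` works against that one Check-in instance only. Either drop the discovery lookup here or use it, `requests.get(oidc_ep["userinfo_endpoint"], headers=headers, timeout=10)`, and delete the three dead locals and the trailing `#"https://aai.egi.eu/auth/realms/egi"` comment. The method starts above this hunk.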
@@ -188,7 +188,7 @@ def token_list_vos(self): headers = {"Authorization": f"Bearer {self.access_token}"} - request = requests.get("https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/userinfo", headers=headers) #"https://aai.egi.eu/auth/realms/egi" + request = requests.get("https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/auth", headers=headers) #"https://aai.egi.eu/auth/realms/egi" request.raise_for_status() vos = set() From 5842e37928caa39f613c8bd861d640277424b58b Mon Sep 17 00:00:00 2001 From: Jaromir_SAS Date: Tue, 10 Dec 2024 14:07:25 +0100 Subject: [PATCH 11/13] Changes_24_12_10_A --- fedcloudclient/auth.py | 2 +- fedcloudclient/auth_test.py | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/fedcloudclient/auth.py b/fedcloudclient/auth.py index d9380c8..7094371 100644 --- a/fedcloudclient/auth.py +++ b/fedcloudclient/auth.py @@ -188,7 +188,7 @@ def token_list_vos(self): headers = {"Authorization": f"Bearer {self.access_token}"} - request = requests.get("https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/auth", headers=headers) #"https://aai.egi.eu/auth/realms/egi" + request = requests.get("https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/userinfo", headers=headers) #"https://aai.egi.eu/auth/realms/egi" request.raise_for_status() vos = set() diff --git a/fedcloudclient/auth_test.py b/fedcloudclient/auth_test.py index 26d2d33..84f137c 100644 --- a/fedcloudclient/auth_test.py +++ b/fedcloudclient/auth_test.py @@ -84,8 +84,6 @@ def printing_dict(var_dict:dict): payload,request_json,list_vos=verify_pyload(access_token_check) - - print(f"{type(payload)}") printing_dict(payload) print("-------------------------------------------------") From 0f36a5f6c120eedd083abc436f080bf9d50012c0 Mon Sep 17 00:00:00 2001 
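Review bot: The URL set in patch 10 ends in `/protocol/openid-connect/auth`, which looks like the authorization endpoint rather than userinfo; a GET with a bearer header there would not return the `eduperson_entitlement` JSON that the loop below reads, and it presents the token to an endpoint that has no use for it. Patch 11 on this page puts `/userinfo` back, so squashing the two commits would keep the broken state out of the history.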
From: Jaromir_SAS Date: Tue, 17 Dec 2024 12:19:04 +0100 Subject: [PATCH 12/13] changes_24_12_17 --- fedcloudclient/auth.py | 15 +++++++++------ fedcloudclient/auth_test.py | 15 +++++++++------ 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/fedcloudclient/auth.py b/fedcloudclient/auth.py index 7094371..2ac6d8f 100644 --- a/fedcloudclient/auth.py +++ b/fedcloudclient/auth.py @@ -13,6 +13,7 @@ from fedcloudclient.logger import log_and_raise + class Token: """ Abstract object for managing tokens @@ -183,21 +184,23 @@ def token_list_vos(self): """ oidc_ep = self.request_json - var1=oidc_ep["userinfo_endpoint"] - var2={"Authorization": f"Bearer {self.access_token}"} - - headers = {"Authorization": f"Bearer {self.access_token}"} + z_user_info=oidc_ep["userinfo_endpoint"] + z_head={"Authorization": f"Bearer {self.access_token}"} - request = requests.get("https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/userinfo", headers=headers) #"https://aai.egi.eu/auth/realms/egi" + request = requests.get( + oidc_ep["userinfo_endpoint"], + headers={"Authorization": f"Bearer {self.access_token}"}, + ) request.raise_for_status() vos = set() pattern = re.compile(self._VO_PATTERN) - json_got=request.json()#.get("eduperson_entitlement", []) for claim in request.json().get("eduperson_entitlement", []): vo = pattern.match(claim) if vo: vos.add(vo.groups()[0]) + request.raise_for_status() + return sorted(vos) diff --git a/fedcloudclient/auth_test.py b/fedcloudclient/auth_test.py index 84f137c..a293f32 100644 --- a/fedcloudclient/auth_test.py +++ b/fedcloudclient/auth_test.py @@ -9,7 +9,7 @@ import fedcloudclient.auth as auth from fedcloudclient.conf import CONF as CONF - +VO_PATTERN = "urn:mace:egi.eu:group:(.+?):(.+:)*role=member#aai.egi.eu" def verify_MYTOKEN(mytoken: str) -> str: """ 
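Review bot: `z_user_info` and `z_head` are assigned and never used, and the second `request.raise_for_status()` after the loop repeats the check already made before `request.json()` is read. The `requests.get` call also has no `timeout`, so a stalled userinfo endpoint blocks the caller indefinitely; adding `timeout=10` (the value is a suggestion) to the call fixes that. The `VO_PATTERN` constant added to auth_test.py in the same patch is not referenced in the visible hunks. `token_list_vos` starts above this hunk.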
@@ -71,23 +71,26 @@ def printing_dict(var_dict:dict): if __name__ == "__main__": print(f"Start of verifying auth.py") + + access_token= os.environ.get("ACCESS_TOKEN","") + access_token_check=verify_ACCESS_TOKEN(access_token) + mytoken=os.environ.get("FEDCLOUD_MYTOKEN","") access_token_mytok=verify_MYTOKEN(mytoken) oidc_agent_name=os.environ.get("OIDC_AGENT_ACCOUNT","") access_token_oidca=verify_OIDC_AGENT(oidc_agent_name) - access_token= os.environ.get("ACCESS_TOKEN","") - access_token_check=verify_ACCESS_TOKEN(access_token) - - user_id=verify_user_id(access_token_check) - payload,request_json,list_vos=verify_pyload(access_token_check) + user_id=verify_user_id(access_token_oidca) + payload,request_json,list_vos=verify_pyload(access_token_oidca) print(f"{type(payload)}") printing_dict(payload) print("-------------------------------------------------") printing_dict(request_json) + print("-------------------------------------------------") + print(list_vos) print(f"Break") From 320117a51ba823384f19dc5c63ca869063c584ac Mon Sep 17 00:00:00 2001 From: jaro221 Date: Tue, 21 Jan 2025 13:32:28 +0100 Subject: [PATCH 13/13] changes_25_01_21 --- fedcloudclient/auth_test.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fedcloudclient/auth_test.py b/fedcloudclient/auth_test.py index a293f32..13b5df8 100644 --- a/fedcloudclient/auth_test.py +++ b/fedcloudclient/auth_test.py @@ -79,10 +79,10 @@ def printing_dict(var_dict:dict): access_token_mytok=verify_MYTOKEN(mytoken) oidc_agent_name=os.environ.get("OIDC_AGENT_ACCOUNT","") - access_token_oidca=verify_OIDC_AGENT(oidc_agent_name) + access_token_oidc=verify_OIDC_AGENT(oidc_agent_name) - user_id=verify_user_id(access_token_oidca) - payload,request_json,list_vos=verify_pyload(access_token_oidca) + user_id=verify_user_id(access_token_oidc) + payload,request_json,list_vos=verify_pyload(access_token_oidc) print(f"{type(payload)}")
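Review bot: `verify_OIDC_AGENT` returns `None` when no token could be obtained, and this hunk now passes that result straight into `verify_user_id` and `verify_pyload`; the second has no `try`, so it will likely fail inside `token.get_user_id()` with an error that does not mention the missing token. Stop early instead, e.g. `if not access_token_oidca: raise SystemExit("no access token from oidc-agent")`. `printing_dict(payload)` also prints every claim of the decoded token, presumably including the user identifier, which matters if this output is pasted into logs or issues.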